Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.6AI score0.00382EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 4:16 p.m.16 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS0.00382EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 3:36 p.m.10 views

CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.8AI score0.00382EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:36 p.m.7 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.8AI score0.00382EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/08 3:36 p.m.35 views

CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS0.00382EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:36 p.m.16 views

CVE-2026-41883

OmniFaces is affected by a server-side EL injection in CDNResourceHandler when using a wildcard CDN mapping (for example libraryName:=https://cdn.example.com/ ). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side, leading ...

8.1CVSS5.8AI score0.00382EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.14 views

omnifaces 安全漏洞

OmniFaces is an open-source JSF utility library developed by OmniFaces. There are security vulnerabilities in versions prior to 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3. These vulnerabilities stem from server-side EL injection, which may lead to remote code execution...

8.1CVSS6.1AI score0.00382EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/21 8:0 p.m.8 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22018 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22018 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

3.7CVSS7.2AI score0.00269EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/21 8:0 p.m.7 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22013 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22013 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

5.3CVSS7.2AI score0.0028EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.8 views

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.8 views

com.flowlogix.depchain:shiro-jakarta (>=18 <=100), com.flowlogix:jee-examples (>=6.0 <=9.0.3) +23 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=4.0-M16 <=4.7.3)

org.omnifaces:omnifaces MAVEN version =4.0-M16, =18, =6.0, =1.6.0, =1.0, =4.1.0, =4.6.5 and more Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.8 views

com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +25 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)

org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.4 and more Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

8.1CVSS5.4AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.7 views

com.flowlogix.depchain:shiro-jakarta (>=18 <=100), com.flowlogix:jee-examples (>=6.0 <=9.0.3) +23 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=4.0-M16 <=4.7.3)

org.omnifaces:omnifaces MAVEN version =4.0-M16, =18, =6.0, =1.6.0, =1.0, =4.1.0, =4.6.5 and more Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.17 views

co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)

org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.6 views

co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)

org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.10 views

com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)

org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.7 views

com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)

org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.6 views

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
OSV
OSV
added 2026/04/16 9:31 p.m.6 views

GHSA-VP6R-9M58-5XV8 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

Impact Server-side EL injection leading to Remote Code Execution RCE. Affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...

8.1CVSS5.9AI score0.00382EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.9 views

com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +25 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)

org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.4 and more Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

8.1CVSS5.4AI score0.00382EPSS
Exploits0
Rows per page
Query Builder